WinSSHD 3.xx Version History

Backported the fix for the potential SFTP containment vulnerability issue, as documented for WinSSHD 4.20.

Changes in WinSSHD 3.31b: &lsqb; 28 April 2005 &rsqb;

SFTP sessions would break after transferring 8GB of data. Fixed.

Client-initiated server-2-client port forwarding rules would be abandoned during a configuration reload. Fixed.

When
defining listening rules for client-initiated server-2-client port
forwarding, it was not possible to define multiple listen rules with
the same interface, even if the port was different. Fixed.

Some
clients would send the 'pty-req' channel request before launching SFTP,
instructing WinSSHD to launch the SFTP module under a layer of terminal
emulation. This would cause the SFTP session to break. WinSSHD will now
always launch the SFTP module directly.

Changes in WinSSHD 3.31a: &lsqb; 01 April 2005 &rsqb;

Fixed
a couple of trace events that WinSSHD was logging, incorrectly, under
the security context of the SSH user instead of the security context of
the service. If trace logging to textual log file was enabled, and if
the SSH user did not have permission to open the log file for writing,
WinSSHD could shut down when unable to open the log file.

Users
who use a previous WinSSHD version and have it configured to log trace
messages in a textual log file are recommended to either upgrade to the
latest release, or reduce the log level to Info. Users not using a log
file or not logging trace messages can upgrade at their discretion.

Changes in WinSSHD 3.31: &lsqb; 27 January 2005 &rsqb;

WinSSHD now comes with a bvPwd
utility allowing regular users to change their passwords from the
console. Note that an administrator can always use the console to
change anyone's password with the Windows 'net user' command.

To
resolve reported inconveniences, WinSSHD now does not at all, by
default, clear passwords from the password cache when LogonUser()
denies a login attempt after successful public key authentication.
WinSSHD can still be configured to clear the corresponding cache entry
in this situation by enabling the
'session.clearPwdCacheOnPubKeyAuthFailure' wcfg setting.

Fixed
problems with starting the SFTP server module that occured on some
machines. The problems were distinguished by a 'Received invalid ID'
error among the events in the WinSSHD log.

Error
code descriptions ceased working in version 3.30 - just the Windows
error code would be logged and no description. Descriptions are now
again properly included.

Changes in WinSSHD 3.30a: &lsqb; 10 January 2005 &rsqb;

Fixed
the (harmless, but annoying) 'Bad service request' Windows Event Log
error that would be logged due to a Windows service control message
that WinSSHD wasn't expecting.

The bvterm server can now receive and handle the Ctrl+Break signal. Requires Tunnelier 3.60a or newer.

Changes in WinSSHD 3.30: &lsqb; 24 December 2004 &rsqb;

New features:

Implemented
IP address lockout after a configurable number of login attempts. By
default, WinSSHD will now lock out for 1 hour any IP address that
connects unsuccessfully 20 or more times in a 5 minute period. These
values can be changed, but are not yet available through the graphical
WinSSHD Settings interface; they can be configured through wcfg.
Execute 'q session.?' from wcfg for help - the settings are
session.ipBlockWindowSecs (default 300), session.ipBlockThreshold
(default 20) and session.ipBlockLockoutSecs (default 3600). Setting any
of these values to 0 will disable the automatic lockout feature.

2048-bit
key exchange is now supported (the diffie-hellman-group14-sha1
algorithm). This applies to the key exchange algorithm only, server
keypair algorithm support remains same.

Debug
dump output can now be configured through WinSSHD Settings, allowing
rarely occuring SSH protocol and program issues to be diagnosed where
they appear. The debug dump output can be configured by selecting
custom logging and enabling the desired LOG_D_xxxx events.

The graphical utilities now support the XP look and Windows themes.

If
exec requests are not permitted for a user, but shell access is,
WinSSHD will now execute the shell instead of the exec request. This
helps with clients which set up the terminal differently for exec
requests than for the shell (plink for example), and where only a
single specific command is allowed, regardless of what the client
attempts to run.

Added
configuration setting to prevent WinSSHD advertising its exact version
in the SSH version string. The setting is not yet available through the
graphical WinSSHD Settings interface but can be set through wcfg
(server.omitVersion).

Made
configurable the speed with which WinSSHD accepts connections. The
setting is for advanced use and is not yet available through the
graphical WinSSHD Settings interface, but can be set through wcfg
(server.acceptDelayMs).

Fixes and improvements:

WinSSHD
is now more tolerant towards SSH clients that continue to send data
while key re-exchange is in progress. Any data received during this
stage is now queued and processed once the re-exchange completes.

On
the NT4 platform, WinSSHD would disconnect a session when a shell or
SFTP child process was executed with the 'Allow Job Breakaway' setting
enabled. Fixed. (As a side note, the 'Allow Job Breakaway' setting does
not apply on NT4. Process jobs are an OS feature introduced by Windows
2000.)

WinSSHD now handles
the SERVICE_ACCEPT_SHUTDOWN service control message to exit more
gracefully when the system is shutting down.

WinSSHD
now waits twice as long (3 seconds, previously 1.5) to open the log
file before shutting down due to being unable to log.

DNS
name IP rule processing changed to more closely match intuitive
expectations. Rules are now always processed in the order of IP rules
first, DNS name rules second.

Logon
delaying did not achieve its objective with multiple concurrent login
attempts. Multiple concurrent login attempts are now queued and only
one per login delay interval is processed, as must be.

Fixed a problem with high CPU consumption during SFTP sessions which occured on some users' machines.

The
DH public key of the remote party is now not validated during Diffie
Hellman key exchange. This makes WinSSHD interoperable with clients
that fail to generate a valid DH key. Validation is not essential for
security because the keys are temporary.

Corrected
processing of DNS-name connect or accept rules with an IP address
input. WinSSHD now does a secondary DNS-to-IP lookup to verify the
IP-to-DNS lookup results. This applies in particular to the ability to
allow or deny incoming connections based on the origin DNS name
(v3.28+). The correction provides resistance to DNS spoofing.

Internal
handling of logon session usernames changed in 3.28, requiring password
cache entries to be reinitialized for public key authentication.
Version 3.28b adds compatibility with old password cache entries so
that passwords do not need to be reentered for accounts using public
key login.

Changes in WinSSHD 3.28a: &lsqb; 02 September 2004 &rsqb;

Fixed
a bug in WinSSHD Settings - the 'On Logon Command' dialog would
incorrectly store the command string as the on-logoff command instead.
The on-logon command could still be set correctly from the Account or
Template dialogs, but changing it from the 'On Logon Command' dialog
would affect the on-logoff command instead.

Changes in WinSSHD 3.28: &lsqb; 30 August 2004 &rsqb;

New features:

Server-side port forwarding:
in conjunction with a client that supports this feature, WinSSHD
supports configuration of client-to-server and server-to-client port
forwarding rules on the server. A client merely has to log in and the
latest port forwarding rule settings are applied automatically, no
client-side configuration changes are required. At the time of this
release, this is supported in our Forwarder client only (email us if
interested).

WinSSHD now supports multiple templates.
Users can be distributed into groups by inheriting from different
templates. Settings for a group can be modified by changing the
settings of the template that the users belonging to this group inherit
from.

WinSSHD now reloads
settings dynamically in session threads. Previously, when the
configuration was changed, existing sessions would keep using the old
settings until the users reconnected. Now, new settings apply
immediately to all sessions, new as well as already established.

Improvements
in the textual settings language used by wcfg and WinsshdCfgManip. A
'With' clause is now supported for easier access to deep-nested
settings. Also, all lists have been replaced by sorted ones.

wcfg and the WinsshdCfgManip COM object now provide means to set or clear a user's password in WinSSHD's password cache.

The bvRun utility now supports launching a process on a different window station and desktop.

When
a client reconnects after a disconnect that has not yet been detected
at the server and issues server-to-client port forwarding rules that
were already established by the previous session, WinSSHD will grant
the rules to the new session and silently remove them from the previous
one.

WinSSHD now implements an active keep-alive and broken session detection scheme based on global requests.

Textual log file log entries now have sequence numbers.

Fixes and improvements:

Fixed Ctrl+C handling on Windows 2003 Server.

Fixed account name lookup problem when the account name being looked up equals the name of the local machine.

Reliability
of text file logging significantly improved. It is still possible to
move a text file out from underneath of WinSSHD while it is running,
however the chance of needing to repeat the attempt is greater than
before because WinSSHD now keeps the log file opened up to 1.5 seconds
after the last log entry. If there is any error during logging, this
will now cause WinSSHD to shut down. (For security reasons; previous
behavior was to continue running.)

Unicode settings files with a Unicode prefix can now be imported. Previously the prefix had to be manually removed.

The
correct failure reason is now sent to the client when the client is not
allowed to use client-to-server port forwarding ('administratively
prohibited', previously 'unknown channel type').

Corrected handling of international characters in the WinSSHD Control Panel's event log.

Fixed
issue with the on-logon and on-logoff commands not being started on
Windows Server platforms due to a STARTUPINFO parameter that was NULL
instead of empty.

Usernames
are now converted to uppercase before being passed to the relevant
Windows username checking functions - case-sensitivity issues with
lowercase usernames had been reported.

The
order in which socket rules are processed now makes more sense. The
sequence previously was, for example, IP-own, IP-inherited, DNS-own,
DNS-inherited. The processing sequence now is IP-own, DNS-own,
IP-inherited, DNS-inherited. The first encountered set of rules that
has a match is used.

The wrapping routine used by WinSSHD for text file logging now wraps long words at the correct column.

Changes in WinSSHD 3.26: &lsqb; 05 June 2004 &rsqb;

Support
for socket rules - finely granular control of C2S/S2C forwardings that
a client can initiate. This feature is configurable textually through wcfg for the time being. See the Users' Guide for help on getting started with the wcfg utility.

Introduced
tolerance of window size violations for interoperability with not so
well implemented clients whose authors cannot be reached or persuaded
to fix their software (WS_FTP specifically).

Fixed
configurability issue in WinSSHD Settings GUI: version 3.25 introduced
a change in how string values in account settings are inherited from
template settings; this wasn't properly reflected in the default values
assumed by WinSSHD Settings when adding new account entries.

WinSSHD now supports SFTP plugins, see SftpPluginSample.cpp (included with the installer).

WinSSHD can now log trace messages on initiation and completion of key exchange and key re-exchange.

The following new features are also available, but can at this time only be configured through the wcfg utility:

support
for automatically executed on-logon and on-logoff commands
(access.tmpl.onLogonCmd, .onLogoffCmd, or for individual accounts in
access.accounts.*)

support for executing commands to continue running after the end of the SSH session, using the supplied bvRun utility (can be enabled with access.tmpl.allowSessionJobBreakaway, or for individual accounts in access.accounts.*)

various
improvements to the wcfg syntax, including the ability to refer to an
account entry by name, for example: access.accounts.findfirst(account
eq 'john').permitSftp true

Fixes:

The SFTP server now correctly lists contents of directories containing files with very old modification/access times.

The
SCP implementation now returns exit code 1 when any error occurs, even
if non-fatal. This appears to be more consistent with the expectations
of the OpenSSH implementation.

WinSSHD
now does not any more close the session channel once EOF has been sent
and received, but always waits for the child process to terminate. This
resolves a race condition which would result in the exit code of the
child process not being sent to the SSH client, for example after an
SCP transfer where EOF was sent by the client at the end of upload, or
after completion of an exec request where EOF was sent in advance by
the client due to redirection of input from /dev/null.

Disabling of server-side key re-exchange and disabling of the keep-alive timeout did not work since 3.21; now fixed.

Changes in WinSSHD 3.24: &lsqb; 05 March 2004 &rsqb;

The
SFTP server now returns an accurate 'Permission denied' message instead
of 'No such file' when trying to access an off-limits directory.

Fixed SFTP logging problems which would lead to the SFTP server failing to start in some circumstances.

Changes in WinSSHD 3.23: &lsqb; 28 February 2004 &rsqb;

The SFTP subprocess would fail in some environments due to improperly sorted variable name passing. Variables are now sorted.

WinSSHD settings can be administered programmatically through the supplied WinsshdCfgManip COM object.

Logging thoroughly reworked:

SFTP actions can now be logged;

logging to file is possible independently of logging to the Windows Event Log;

logging can be configured on a per-event basis.

Added support to configure a session inactivity timeout.

Added logon attempt delay for unsuccessful login attempts.

Fixed
event signaling issue which in some environments would cause WinSSHD
occasionally not to react to a session event until another session
event occured. This would manifest itself e.g. as closing of a channel
being delayed until a key was pressed or until a keep-alive timeout
occurred.

Fixed occasional
key re-exchange problem - WinSSHD could have triggered key re-exchange
when it was already just initiated by the client.

Fixed occasional service registration problem on NT4 - service filename now quoted.

Changes in WinSSHD 3.11:

Further
improvements in performance and responsiveness: the SSH implementation
is now even faster than in 3.09, uses less CPU time and handles flow
control better in sessions with many channels.

Changes in WinSSHD 3.09:

WinSSHD is now significantly faster: SFTP file transfer speeds can reach 3 MB/s or more with a suitable client.

A
much larger number of simultaneously open channels are now supported:
up to 1000 session channels or up to 2000 port forwarding channels can
be active at the same time.

The
'Initial Directory' setting now applies not only to terminal sessions,
but also to exec requests and SFTP sessions (unless an incompatible
SFTP Root Directory setting is used).

Changes in WinSSHD 3.07:

Added
support for 128-bit versions of the AES and Twofish algorithms.
Previously, only the 256-bit versions were supported. Added alias
'twofish256-cbc' for 'twofish'.

Improved activation process for large-scale deployments.

WinSSHD
now automatically detects an activation code when it is entered through
the WinSSHD Control Panel or remotely using Tunnelier's WinSSHD Remote
Control feature. Previously, the server had to be nudged to reload its
configuration before it would detect a newly entered activation code.

Authentication
logging improved to include greater detail - the authentication method
used by the client, as well as the algorithms and fingerprints of
presented public keys.

If
a too large bvterm window is requested, WinSSHD will now use the
maximum acceptable window size instead of aborting the bvterm session.

WinSSHD
now uses SIDs when resolving and comparing account names, resulting in
more accurate recognition of users as they log in. If user 'john' is
configured in WinSSHD Settings, but he logs in as 'computer\john',
WinSSHD will now properly recognize him and apply the configured
settings.

The WinSSHD SFTP
server now allows the client to set time attributes on directories.
This fixes a minor compatibility issue with ssh.com's client (an error
message appearing when creating a directory on the server).

Changes in WinSSHD 3.05:

WinSSHD now reports to the client the exit code of exec requests.

The installer is now better at interpreting the Windows version when run on .NET Server.

Changes in WinSSHD 3.04:

WinSSHD now writes its .WST settings so that they are compatible with earlier 3.xx versions of Tunnelier.

The
installation program now doesn't bug you about .WST file association,
and it doesn't create any registry keys until installation has actually
started.

Changes in WinSSHD 3.03:

Implemented more graceful handling of situations where the child process closes its stdin before all data has been input.

It is now possible to use quotes inside configuration strings that specify a user's shell.

WinSSHD
now takes measures to verify that the user has proper permissions for
the working directory in which a child process will be executed. This
averts inappropriate default Windows behavior in case the user's
permissions have been misconfigured.

Changes in WinSSHD 3.02:

Improved the installation ID generation process so that the installation ID is likely to remain the same even if the whole operating system is
reinstalled.

Fixed bug which caused some 3.1% of activation codes not to be handled properly.